Hi Felix, Sorry for the delay in getting back to you.
On Fri, Apr 06, 2018 at 09:40:40PM +0200, Felix Natter wrote: > hello Security Team, > > here are the CVE-2018-1000069 security updates for jessie and stretch: > > [jessie] > https://anonscm.debian.org/cgit/pkg-java/freeplane.git/log/?h=jessie-CVE-2018-1000069 > (jessie-CVE-2018-1000069 branch) > > [stretch] > https://anonscm.debian.org/cgit/pkg-java/freeplane.git/log/?h=stretch-CVE-2018-1000069 > (stretch-CVE-2018-1000069 branch) > > Both are tested: > - builds > - activation log message is seen > - Save and Load XML works > > In what format would you like the "tested packages"? *.deb? > > Here is the corrsponding upstream commit: > https://github.com/freeplane/freeplane/commit/a5dce7f9f > > The debdiffs are attached. Debdiffs looks good to me. I just have a question, for the jessie-debdiff: In the ScriptingRegistration.java was the removal of the import of org.freeplane.n3.nanoxml.XMLParserFactory not done on purpose? Other than that, when above question commented on, feel free to upload to security-master (AFICS you will need a sponsor, but guess Markus will cime in here as well). Remember that both needs to be build with -sa. Regards, Salvatore
